Guidelines & Tips from IT: Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems.

Protect Your Identity by Keeping Your Social Media Presence Clean:
  • On your social media accounts, minimize the amount of personal information that you display. 
  • In particular, minimize how visible your information is to any untrusted individuals. 
  • This way, those who are not approved to be your friend or contact on the platform will be less likely to view your personal information. 
  • Most sites offer this as a privacy option in the settings for your account.
Pay Attention to Data Breaches to Protect Your Identity:
  • Identity thieves often target large retail chains and other organizations to steal customer data. 
  • Pay attention to any data breaches announced in the media. 
  • Often it isn’t you who gives away your information; it is someone else who has access to that data. Keep informed about breaches. 
  • If you are part of one, change your password ASAP and monitor activity.
Be On Guard Against Unknown People Asking For Sensitive Data:
  • Social engineers may try to trick you into giving away sensitive information, such as user login names and passwords or credit card numbers. 
  • They may pose as authorized users or members of a security firm, for example. 
  • Remain on guard and verify the identity of any person making an unsolicited request before you give away information by phone, email, or in person.
Most Ransomware Attacks Begin Because of a Human Act:
  • Most of the time, a ransomware attack is successful because of something a human did. 
  • Clicking a link, downloading an attachment, or logging into an unsafe site are the most common ways ransomware and other malware get on devices and networks. 
  • Always be suspicious when examining emails and other communications and never log into a questionable site.
Ways to Avoid Being a Victim of a Phish:
Do:
  • Keep your software and browsers up to date
  • Hover over links to identify obvious fakes; make sure that an embedded link is taking you to the exact website it purports to be
  • Take your time and inspect emails for obvious red flags: misspelled words and bad grammar, incorrect URL domains, unprofessional and suspicious visuals, and unrecognized senders
  • Instead of clicking on a link provided in an email, visit the website of the company that allegedly sent the email to make sure the deal being advertised is also on their webpage
Don’t:
  • Don't click on any links in any email sent from unknown or suspicious senders
  • Don't send an email that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
  • Don't download content that your browser or security software alerts you may be malicious
  • Don't give away personal information like your credit card number, home address, or social security number to a site or email address you think may be suspicious